Answered: [Security threat] tags are not sanitized in extra question field
Post date: 2020-07-01 00:44:51
Views: 196

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the databse, it's not safe.

First, look! The script is stored in database.

database

Second, if create a function to pull that content form the datase:

public function q_item_extra($q_item)
{
$postidz = $q_item'raw']'postid'];
$extra = qa_db_read_one_value(qa_db_query_sub(
       'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
   ), true);
 
 //$extra = $q_item'extra']'content'];
 
        $this->output('My info:'.$extra);   
   
}

Here's the result:

test

I hope you'll get my point.
Please click Here to read the full story.
 
Other Top and Latest Questions:
Answered: Why I am not able to edit my profile?
OpenAI acquires health-care technology startup Torch for $60 million, source says
Novo Nordisk CEO explains why new GLP-1 pill expands access to the weight loss drugs
Trump targets credit card rates. What’s at stake for Capital One and other banks
Powell investigation: Drumbeat of Republican opposition grows on Capitol Hill
Bank of America boosts Micron price target, sees upside driven by tight memory supply
BNY raises profit target as CEO Robin Vince says 'turnaround' is taking hold
More drivers have $1,000-plus car loan payments. Here's what buyers can expect in 2026
Stocks making the biggest moves premarket: L3Harris, JPMorgan, Delta, Intel, AMD and more
Intel and AMD get upgrades at KeyBanc thanks to strong server demand for AI